HHS Seeks Input on HIPAA Privacy Rules….Should the Rules be Modified?

OCR has heard calls to revisit aspects of the Rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based healthcare.

A request for information has been issued by the by the Office for Civil Rights (OCR) to gain insight from the public on how Health Insurance Portability and Accountability Act (HIPAA) Rules, particularly the HIPAA Privacy Rule could be modified to reflect the administration’s objective of promoting coordinated value-based care.

In a press release by the OCR on the RFI, “HHS developed the HIPAA Rules to protect individuals’ health information privacy and security interests, while permitting information sharing needed for important purposes. However, in recent years, OCR has heard calls to revisit aspects of the Rules that may limit or discourage information sharing needed for coordinated care or to facilitate the transformation to value-based healthcare.”

Now, the RFI serves to request “information on any provisions of the HIPAA Rules that may present obstacles to these goals without meaningfully contributing to the privacy and security of protected health information (PHI) and/or patients’ ability to exercise their rights with respect to their PHI.”

In addition to requesting broad input on the HIPAA Rules, the RFI also seeks comments on specific areas of the HIPAA Privacy Rule, according to HHS, including:

• Encouraging information-sharing for treatment and care coordination

• Facilitating parental involvement in care

• Addressing the opioid crisis and serious mental illness

• Accounting for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act

• Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices

HHS Deputy Secretary Eric Hargan while speaking with reporters said that the RFI is another crucial step in their Regulatory Efforts towards Coordinated Care, which is taking a close look at how regulations like HIPAA can be fine-tuned to incentivize care coordination and improve patient care, while ensuring that we fulfill HIPAA’s promise to protect privacy and security.”

He added, “In addressing the opioid crisis, we’ve heard stories about how the Privacy Rule can get in the way of patients and families getting the help they need. We’ve also heard how the Rule may impede other forms of care coordination that can drive value. I look forward to hearing from the public on potential improvements to HIPAA, while maintaining the important safeguards for patients’ health information.”